Transcription
CompTIA PT1-002CompTIA PenTest Certification Beta ExamCompTIA PT1-002 Dumps Available Here -exam/pt1-002-dumps.htmlEnrolling now you will get access to 110 questions in a unique set of PT1002 dumpsQuestion 1A client wants a security assessment company to perform a penetration test against its hot site. Thepurpose of the test is to determine the effectiveness of the defenses that protect against disruptions tobusiness continuity. Which of the following is the MOST important action to take before starting this type ofassessment?Options:A. Ensure the client has signed the SOW.B. Verify the client has granted network access to the hot site.C. Determine if the failover environment relies on resources not owned by the client.D. Establish communication and escalation procedures with the client.Answer: CQuestion 2Performing a penetration test against an environment with SCADA devices brings additional safety riskbecause the:Options:A. devices produce more heat and consume more power.B. devices are obsolete and are no longer available for replacement.C. protocols are more difficult to understand.D. devices may cause physical world effects.Answer: CExplanation:Reference: https://www.certification-questions.com
CompTIA PT1-002Question 3Which of the following documents describes specific activities, deliverables, and schedules for apenetration tester?Options:A. NDAB. MSAC. SOWD. MOUAnswer: CQuestion 4A company hired a penetration-testing team to review the cyber-physical systems in a manufacturing plant.The team immediately discovered the supervisory systems and PLCs are both connected to the companyintranet. Which of the following assumptions, if made by the penetration-testing team, is MOST likely to bevalid?Options:A. PLCs will not act upon commands injected over the network.B. Supervisors and controllers are on a separate virtual network by default.16889E7A879ADCAACEC3955A2D6A7315C. Controllers will not validate the origin of commands.D. Supervisory systems will detect a malicious injection of code/commands.Answer: CQuestion 5A new security firm is onboarding its first client. The client only allowed testing over the weekend andneeded the results Monday morning. However, the assessment team was not able to access theenvironment as expected until Monday. Which of the following should the security company have acquiredBEFORE the start of the assessment?Options:A. A signed statement of workB. The correct user accounts and associated passwordshttps://www.certification-questions.com
CompTIA PT1-002C. The expected time frame of the assessmentD. The proper emergency contacts for the clientAnswer: CQuestion 6A penetration tester has obtained a low-privilege shell on a Windows server with a default configuration andnow wants to explore the ability to exploit misconfigured service permissions. Which of the followingcommands would help the tester START this process?Options:A. certutil –urlcache –split –f exeB. powershell (New-Object .2.124/upload.php’, ‘systeminfo.txt’)C. schtasks /query /fo LIST /v find /I "Next Run Time:”D. wget exe –Oaccesschk64.exeAnswer: BExplanation:Reference: n-windows-380bee3a2842Question 7HOTSPOTYou are a security analyst tasked with hardening a web server.You have been given a list of HTTP payloads that were flagged as malicious.INSTRUCTIONSGiven the following attack signatures, determine the attack type, and then identify the associatedremediation to prevent the attack in the future.If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.https://www.certification-questions.com
CompTIA PT1-002https://www.certification-questions.com
CompTIA PT1-00216889E7A879ADCAACEC3955A2D6A7315Hot .com
CompTIA PT1-002https://www.certification-questions.com
CompTIA PT1-002Answer: on 8Which of the following protocols or technologies would provide in-transit confidentiality protection foremailing the final security assessment report?Options:A. S/MIMEB. FTPSC. DNSSECD. AS2Answer: AExplanation:Reference: DCAACEC3955A2D6A7315protocolsQuestion 9A penetration tester recently completed a review of the security of a core network device within a corporateenvironment. The key findings are as follows: The following request was intercepted going to the network device:GET /login HTTP/1.1Host: 10.50.100.16User-Agent: Mozilla/5.0 (X11; Linux x86 64; rv:31.0) Gecko/20100101Firefox/31.0Accept-Language: en-US,en;q 0.5Connection: keep-aliveAuthorization: Basic ication-questions.com
CompTIA PT1-002 Network management interfaces are available on the production network. An Nmap scan returned the following:Which of the following would be BEST to add to the recommendations section of the final report? (Choosetwo.)Options:A. Enforce enhanced password complexity requirements.B. Disable or upgrade SSH daemon.C. Disable HTTP/301 redirect configuration.D. Create an out-of-band network for management.E. Implement a better method for authentication.F. Eliminate network management and control interfaces.Answer: C, EQuestion 10A penetration tester ran a ping –A command during an unknown environment test, and it returned a 128TTL packet. Which of the following OSs would MOST likely return a packet of this type?Options:A. WindowsB. AppleC. LinuxD. AndroidAnswer: AExplanation:Reference: basic-internet-problems-with-ping/Would you like to see more? Don't miss our PT1-002 PDFfile stions.com
A new security firm is onboarding its first client. The client only allowed testing over the weekend and needed the results Monday morning. However, the assessment team was not able to access the environment as expected until Monday. Which of the following should the security company have acquired BEFORE the start of the assessment? Options: A.
